This is the mail archive of the insight@sourceware.org mailing list for the Insight project.



Unwinding TCL stack


I've run across a bug in Insight 6.5 and I'm wondering whether it's a
known bug, one that has been fixed in 6.6, or one for which a simple fix
applies (I can't think of one).  I haven't yet upgraded to 6.6 because
that'll be a fair amount of work applying patches for a threads package
not supported by GDB.

The problem is that the TCL stack is not (always?) being unwound when
a GDB exception is thrown via throw_exception().  The TCL stack is
maintained via calls to Tcl_PushCallFrame() and Tcl_PopCallFrame(), the
first of which usually pushes a pointer to a CallFrame struct allocated
from the C stack.  If GDB throws an exception that skips over a call to
Tcl_PopCallFrame(), the TCL interp struct can be left with its framePtr
and varFramePtr fields pointing at a CallFrame struct that no longer
exists.  When that CallFrame is later used, the garbage data in it can
cause Insight to segfault.  I am seeing a segfault in Tcl_FindCommand()
when it tries to use a bogus Namespace pointer that was obtained from
Tcl_GetCurrentNamespace(), which got the bad pointer via:

  nsPtr = iPtr->varFramePtr->nsPtr;

The value of iPtr->varFramePtr at this point was a stack address,
but one below the actual C stack pointer (on a Linux x86 machine
for which the C stack pointer obviously grows downwards):

  (gdb) p ((Interp *) interp)->varFramePtr->nsPtr
  $11 = (Namespace *) 0x17a
  (gdb) p ((Interp *) interp)->varFramePtr
  $12 = (CallFrame *) 0xbfffbd64
  (gdb) p $fp
  $13 = (void *) 0xbfffd988
  (gdb) p/x $sp
  $14 = 0xbfffd950

The complete trap backtrace was:
(gdb) bt
#0  0x0830fb82 in Tcl_FindCommand (interp=0x845ab20, name=0x9877b88 "gdbtk_tcl_fputs", contextNsPtr=0x0,
    flags=Variable "flags" is not available.
) at ../../../insight-6.5/tcl/unix/../generic/tclNamesp.c:1990
#1  0x08313f6d in SetCmdNameFromAny (interp=0x845ab20, objPtr=0x940ca30)
    at ../../../insight-6.5/tcl/unix/../generic/tclObj.c:3138
#2  0x08313d45 in Tcl_GetCommandFromObj (interp=0x845ab20, objPtr=0x940ca30)
    at ../../../insight-6.5/tcl/unix/../generic/tclObj.c:2883
#3  0x082ce267 in TclEvalObjvInternal (interp=0x845ab20, objc=2, objv=0xbfffda70,
    command=0x96c6ca0 "gdbtk_tcl_fputs {\n}", length=19, flags=0)
    at ../../../insight-6.5/tcl/unix/../generic/tclBasic.c:2980
#4  0x082cf916 in Tcl_EvalEx (interp=0x845ab20, script=0x96c6ca0 "gdbtk_tcl_fputs {\n}", numBytes=19,
    flags=0) at ../../../insight-6.5/tcl/unix/../generic/tclBasic.c:3646
#5  0x082cfd61 in Tcl_Eval (interp=0x845ab20, string=0x96c6ca0 "gdbtk_tcl_fputs {\n}")
    at ../../../insight-6.5/tcl/unix/../generic/tclBasic.c:3811
#6  0x080d3914 in gdbtk_two_elem_cmd (cmd_name=0x8351c18 "gdbtk_tcl_fputs", argv1=0x94632e8 "\n")
    at ../../insight-6.5/gdb/gdbtk/generic/gdbtk-hooks.c:216
#7  0x080d39f6 in gdbtk_fputs (ptr=0x94632e8 "\n", stream=0x844f480)
    at ../../insight-6.5/gdb/gdbtk/generic/gdbtk-hooks.c:336
#8  0x0809a628 in fputs_maybe_filtered (linebuffer=0x17a "", stream=0x844f480, filter=1)
    at ../../insight-6.5/gdb/utils.c:1912
#9  0x08099a0a in vfprintf_maybe_filtered (stream=0x844f480, format=Variable "format" is not available.
)
    at ../../insight-6.5/gdb/utils.c:2150
#10 0x08099a69 in fprintf_filtered (stream=0x844f480, format=0x83675f6 "\n")
    at ../../insight-6.5/gdb/utils.c:2190
#11 0x08121d79 in print_exception (file=0x844f480, e=
      {reason = RETURN_ERROR, error = GENERIC_ERROR, message = 0x9877950 "Cannot access memory at address 0xffff
ff46"}) at ../../insight-6.5/gdb/exceptions.c:312
#12 0x08121ead in print_any_exception (file=0x844f480, prefix=0x834618b "", e=
      {reason = RETURN_ERROR, error = GENERIC_ERROR, message = 0x9877950 "Cannot access memory at address 0xffff
ff46"}) at ../../insight-6.5/gdb/exceptions.c:372
#13 0x08122158 in catch_errors (func=0x80931e4 <captured_command_loop>, func_args=0x0,
    errstring=0x834618b "", mask=6) at ../../insight-6.5/gdb/exceptions.c:517
#14 0x08093873 in captured_main (data=0xbfffdfb0) at ../../insight-6.5/gdb/main.c:834
#15 0x08122133 in catch_errors (func=0x809321c <captured_main>, func_args=0xbfffdfb0,
    errstring=0x834618b "", mask=6) at ../../insight-6.5/gdb/exceptions.c:515
#16 0x0809405b in gdb_main (args=0x845ab20) at ../../insight-6.5/gdb/main.c:843
#17 0x080931dd in main (argc=378, argv=0x17a) at ../../insight-6.5/gdb/gdbtk/generic/gdbtk-main.c:36

Thanks,
Doug.
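The failure mode described in the message above, reduced to a standalone C program as an added illustration (this is not code from the message, from Tcl, or from Insight). The Interp and CallFrame structs here are constructed stand-ins carrying only the two fields the report mentions, push_call_frame/pop_call_frame stand in for Tcl_PushCallFrame/Tcl_PopCallFrame, and throw_exception is a longjmp in the style of GDB's throw_exception(). run_unprotected() reproduces the dangling framePtr; run_protected() shows one mitigation pattern, saving the frame pointers at the catch site and restoring them in the handler, which is an assumption about how such a catch site could be hardened, not Insight's actual fix.

```c
#include <setjmp.h>
#include <stddef.h>
#include <stdio.h>

/* Constructed stand-in for Tcl's Interp/CallFrame: only the two fields
   that matter for the bug (framePtr, varFramePtr). Not Tcl's real layout. */
typedef struct CallFrame {
    struct CallFrame *callerPtr;    /* previous frame, restored on pop */
    const char *name;               /* hypothetical: procedure being run */
} CallFrame;

typedef struct Interp {
    CallFrame *framePtr;            /* innermost active frame */
    CallFrame *varFramePtr;         /* frame whose variables are visible */
} Interp;

/* Global so that longjmp cannot clobber it (it is modified after setjmp). */
static Interp g_interp;

/* Mimics Tcl_PushCallFrame: the CallFrame lives in the caller's C stack. */
static void push_call_frame(Interp *interp, CallFrame *frame, const char *name) {
    frame->callerPtr = interp->framePtr;
    frame->name = name;
    interp->framePtr = frame;
    interp->varFramePtr = frame;
}

/* Mimics Tcl_PopCallFrame: unlinks the innermost frame. */
static void pop_call_frame(Interp *interp) {
    CallFrame *frame = interp->framePtr;
    interp->framePtr = frame->callerPtr;
    interp->varFramePtr = frame->callerPtr;
}

/* GDB-style exception: a longjmp to a target set by the "catch" site. */
static jmp_buf catch_buf;

static void throw_exception(void) {
    longjmp(catch_buf, 1);
}

/* A "Tcl procedure" that pushes a frame allocated on its own C stack, then
   calls into code that throws. The pop below is never reached, exactly as
   in the report, so interp->framePtr keeps pointing at this dead frame. */
static void tcl_proc_that_errors(Interp *interp, int throws) {
    CallFrame frame;                /* allocated from the C stack */
    push_call_frame(interp, &frame, "gdb_cmd");
    if (throws)
        throw_exception();          /* skips the pop */
    pop_call_frame(interp);
}

/* Unprotected catch site: returns 1 if the frame stack is left dangling. */
int run_unprotected(int throws) {
    g_interp.framePtr = NULL;
    g_interp.varFramePtr = NULL;
    if (setjmp(catch_buf) == 0) {
        tcl_proc_that_errors(&g_interp, throws);
    }
    /* Compare pointer values only; never dereference a possibly dead frame. */
    return g_interp.framePtr != NULL;
}

/* Catch site that records the frame pointers before the protected call and
   restores them in the handler, so skipped pops are undone. Assumed
   mitigation pattern, not Insight's actual patch. */
int run_protected(int throws) {
    CallFrame *saved_frame;
    CallFrame *saved_var_frame;
    g_interp.framePtr = NULL;
    g_interp.varFramePtr = NULL;
    saved_frame = g_interp.framePtr;
    saved_var_frame = g_interp.varFramePtr;
    if (setjmp(catch_buf) == 0) {
        tcl_proc_that_errors(&g_interp, throws);
    } else {
        /* Unwind whatever the skipped pops left behind. */
        g_interp.framePtr = saved_frame;
        g_interp.varFramePtr = saved_var_frame;
    }
    return g_interp.framePtr != NULL;
}

int main(void) {
    printf("unprotected, no throw: dangling=%d\n", run_unprotected(0));
    printf("unprotected, throw:    dangling=%d\n", run_unprotected(1));
    printf("protected,   throw:    dangling=%d\n", run_protected(1));
    return 0;
}
```

The interp state is kept in a global rather than a local because a non-volatile automatic modified between setjmp() and longjmp() has an indeterminate value afterwards; the same caveat applies to any real catch site that keeps interpreter state on its own stack. The dangling pointer is only compared, never dereferenced, which is the one safe thing to do with it; the real crash in Tcl_FindCommand() comes from reading nsPtr through it once the dead frame has been overwritten.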

